Lido DAO Initiates Emergency Vote After Oracle Security Incident
The Ethereum staking protocol Lido DAO has triggered an emergency governance vote to remove a compromised oracle operated by validator provider Chorus One , following a security breach that resulted in the loss of 1.46 ETH (roughly $3,800).
Despite the incident, Lido Finance confirmed that the overall protocol remains fully secure and functional , thanks to its 5-of-9 oracle consensus mechanism — meaning no single node can compromise system integrity.
Emergency Governance Vote Launched
Following the breach, Lido DAO initiated a 72-hour emergency vote to replace the affected oracle with a new one. This is followed by a 48-hour objection period , as part of standard governance procedures.
While the proposal has received widespread community support, it has not yet reached quorum for final approval.
In a statement, Chorus One described the breach as an isolated incident, likely caused by a private key leak from a hot wallet. They are currently setting up a new node to restore services securely.
Early Detection Prevents Larger Damage
The attack was first detected when unusual ETH balance drops were observed on the oracle’s wallet address. On-chain data revealed that the attacker managed to drain 1.46 ETH from the compromised wallet.
However, both Lido and Chorus One quickly confirmed that the remaining eight oracles remained unaffected.
Chorus One clarified that the breach was not due to any code vulnerability, but rather an issue related to private key management . They added that the attacker’s behavior suggested targeting an automated system, rather than a deliberate, targeted exploit.
A full technical report is expected once the investigation concludes. Lido also resolved a separate oracle reporting delay on May 10 due to an unrelated technical glitch, ensuring that the team maintained full system stability throughout the incident.
Broader Implications for DeFi and Crypto Security
This incident highlights the critical role of cybersecurity in decentralized finance (DeFi) . According to cybersecurity firm Hacken , crypto hacks caused over $357 million in losses in April 2025 alone — a significant jump compared to March.
Dyma Budorin , CEO of Hacken, called for improved code audits and proactive security measures to defend against increasingly sophisticated attacks, especially those linked to North Korean hacking groups.
The Lido case serves as a reminder of the need for robust security frameworks across DeFi protocols, especially as more financial infrastructure moves on-chain.
About Lido Finance
Lido Finance stands as the top liquid staking protocol on Ethereum, enabling users to stake ETH and receive stETH — a token that fuels DeFi activities without requiring users to lock up their assets.
Launched in 2020, Lido now supports multiple chains including Polygon, Solana, and Polkadot , with a total value locked (TVL ) exceeding $10 billion .
The native token of Lido, LDO , is currently trading at $1.09 , down 5.19% in the last 24 hours , with trading volume declining 25.28% to $96.43 million . The project’s market cap stands at $986 million.
Despite recent price dips, LDO has shown strong momentum, rising 36.67% in the past week and 51.65% over the last 30 days .
With its decentralized architecture , oracle-based consensus system , and major upgrades like Lido V2 (launched in 2023) , Lido continues to position itself as a core infrastructure platform within the DeFi ecosystem — emphasizing security, transparency, and efficiency .
